Historically, the weak point of encryption has been the requirement that the sender and the recipient of an encrypted message use the same encryption key. If the key was intercepted by a third party, then the third party could decrypt the message or even encrypt false messages. Public key cryptography solves this problem, and is particularly useful in the field of computer information security. A recipient of encrypted messages uses an encryption algorithm parameterized by two related numbers. These two numbers are known as a public key and a private key. The public key is made available to the public, and allows anyone to encrypt a message intended for the recipient. The encrypted message can only be decrypted using the private key, which is known only to the recipient. Public key cryptography also allows other security measures to be implemented, such as verification of the sender. The sender authenticates a sent message with the sender's private key, and any recipient can then verify that a received message originated from the sender using the sender's public key.
Although the public key can be made public in any manner, a person intending to send an encrypted message to the recipient may not be confident that the public key actually corresponds to the intended recipient. If the sender uses the incorrect public key, then some other person may be able to decrypt the encrypted message. Similarly, a recipient of an authenticated message may not be confident that the public key used to verify that the message was authenticated by the apparent sender actually corresponds to the apparent sender. To avoid this problem, public keys are typically distributed to the public using public key certificates (ITU Recommendation X.509, 1993; referred to hereinafter as “X.509”). A public key certificate (“certificate”) consists of a user's distinguishing name, the public key to be associated with that name, and the digital signature of a trusted third party, commonly referred to as a Certification Authority (CA). The certificate usually also contains additional fields, such as an expiry date of the public key and a serial number which uniquely identifies the certificate as originating from a particular CA. The certificate effectively serves as the CA's guarantee that the public key is associated with the user. Certificates are usually stored in public databases, commonly referred to as repositories. A sender who wishes to send an encrypted message to a recipient retrieves the recipient's certificate from a repository. Once the sender successfully verifies that the digital signature correctly corresponds to the CA, the sender may be reasonably confident that the public key is authentic and may safely proceed to use the public key for cryptographic interactions with the recipient.
A certificate is generated by a CA in response to a request by a user. The user first registers with the CA for billing and identification purposes. When the user wants a certificate, the user sends a Certificate Signing Request to the CA, specifying a distinguishing name (which may belong to the user or to another party within the administrative control of the user the same as the user). The CA generates a certificate and places the certificate in a repository. When issued, the certificate has a finite lifetime, often of one or two years. As used throughout this description, the lifetime of a certificate is the length of time remaining before the certificate expires.
The user may revoke the certificate before the expiry date. Revocation may occur, for example, if the user is a domain administrator and servers or users are being dropped from the domain and the related certificates are no longer needed. Revocation may also occur if the user suspects that the private key has been compromised. Unfortunately, when a certificate is revoked the CA and the user have only two options. The certificate can be eliminated, which adds cost to the user for unused lifetime of the certificate. Alternatively the CA can issue a replacement certificate, but this adds cost to the CA as the replacement certificate will have the same fixed finite lifetime as the original certificate had when it was issued. If revocation occurs shortly before the certificate expires, the user will have effectively received two certificates for the price of one.